Sun Flaws Make Contest Fodder

Sun Microsystems has asked the developer community to help it attack the new security enforcement component in the upcoming version of Java Platform, Standard Edition (Java SE).

The company launched the "Crack the Verifier" challenge Monday, making Java SE 6.0 binaries and source code available under its Java Research License (JRL) to any interested parties.

The challenge is designed to look for flaws in both the implementation and the specification itself. Work on the technology is currently under way in the Java Community Process (JCP), under Java Specification Request 202 (JSR-202), "Class File Specification Update."

Sun developers are looking for two things: whether there are any bugs in the new verifier and whether the whole thing is fundamentally flawed and needs to be scrapped.

Graham Hamilton, vice president and fellow on the Java platform team, said that while he's hoping for the former, the latter would mean a missed opportunity for the Java community but would still allow the new technology to be replaced with the existing verifier in time to launch Java SE 6.0 next summer.

There are three ways developers can look for bugs to squash: They can look for a flaw in the type-checking verifier specification within JSR-202; they can look for an ambiguity in the wording of the specification that would lead to an unsafe implementation; or they can find a flaw in the implementation Sun has provided within the snapshot builds of Java SE 6.0, code-named Mustang.

Contest entries will be accepted until Jan. 31, 2006, and judged by a panel of Sun engineers who will determine if the submitted bugs compromise the Java security model.

Those who find a significant flaw in the specification will be brought on stage during the keynote speech at JavaOne next year. Discovered flaws in the implementation will receive acknowledgment on the Java.net Web site.

Sun is fundamentally changing the way Java handles security through its applets
